Introduction
These release notes provide a comprehensive overview of the new features, enhanced functionalities, and resolved issues found in version 4.1 of NEMO. Additionally, it includes the details of the patch versions associated with release 4.1.
What's new in NEMO 4.1
Devices Support
SRE Support
Support has been added for the Netaxis Solutions Session Routing Engine (SRE). CDRs produced by this equipment can now be processed by NEMO. Moreover, it is possible to define which fields are to be used to identify the ingress/egress context. In combination with the custom CDR fields of SRE, this feature allows the service provider to choose the right level of granularity. A new collector has been implemented to collect the CDRs in CSV format.
VXLAN-Based Virtual Tapping
The probes have been improved to support VXLAN-based virtual tapping. In virtualized and cloud environments where it is often impossible to set up physical port mirroring, the probes are now able to capture traffic forwarded through the VXLAN protocol to their interface and decode this traffic.
Probe NAT Mapping Table
It is now possible to supply a NAT mapping file for SDP addresses through the use of the probe option -natMapping followed by the CSV filename of the mapping file (that should be stored in /opt/nemo/etc/ on the probe). This file must be a valid CSV file (comma-separated) without headers. First column is the IP address found in the SDP and second column is the translated IP address to be captured for RTP packets.
Example file:
187.32.17.43,10.50.0.23
187.32.17.47,172.16.2.7
187.32.17.41,192.168.3.7In this example, if the probe captures an SDP where the connection IP address is 187.32.17.43 and RTP capture is active for that call, the probe will instead activate RTP capture for the IP address 10.50.0.23.
This feature is useful in NATed environment where the SBC is aware of the NAT being applied and thus use public IP addresses in SDP but the probe itself, being behind the NAT device, captures packets with private (i.e. NATed) IP addresses.
Graphs
New Number Analysis Graphs
The sources and destinations breakdown graphs have been completed to provide statistics about all possible combinations of these criteria:
- direction: ingress or egress
- party: calling party number (caller) or called party number (callee)
- metric type: volume (number of minutes) or count (number of calls)
From the base 3 types of charts: National vs. International, National, and International breakdowns, 24 different charts are available.
Operational Tools
New SFTP Synchronisation Process
A new generic SFTP synchronization process has been added to NEMO. In previous deployments, there has often been a need to develop custom scripts to retrieve CDR files from devices or IT systems. This new process is generic enough to cover most file transfer scenarios.
Improved nemo-admin Tool
The nemo-admin tool has been completely redesigned to provide several functions to help troubleshoot issues or gather information about the system.
Example:
$ /opt/nemo/bin/nemo-admin calls daily-count broadsoft
Start End Count
---------- ---------- -------
2023-08-23 2023-08-24 815587
2023-08-24 2023-08-25 762182
2023-08-25 2023-08-26 493739
2023-08-26 2023-08-27 223498
2023-08-27 2023-08-28 59421
2023-08-28 2023-08-29 591160
2023-08-29 2023-08-30 580230APIO Integration
Broadworks Line Type
Broadworks CDRs do not contain any information about the line type of users (e.g. call-center, auto-attendant, ...). NEMO can now perform an API query to APIO to retrieve the user line type and inject this information into the DB. The new data is then available to compute fine-grained statistics about Broadwors users. These improved stats are queried by the self-care portal to provide advanced statistics and filtering.
Authentication & Security
Brute Force Login Attempts
The authentication mechanisms have been improved to detect brute-force login attempts. When a client performs too many failed authentication attempts (configurable) during 1 minute, that client is black-listed for 1 minute.
Improved Cookies Security
Releases 4.1.4+
The cookie security parameters httponly and secure can now be enabled in the file /opt/nemo/gui/main.conf. These parameters improve the security by preventing session cookie leakage. HTTPS must be enabled on Nemo or the reverse proxy in front of it to enable the parameter secure.
Improved LDAP Authentication Layer
The LDAP authentication layer has been improved so that the username entered for authenticating can be manipulated through the user of regular expressions to perform complex authentication operations and filtering (to allow only a subset of users to access NEMO).
GUI Improvements
Improved Anomalies Browser
The anomalies browser has been improved to let the user filter anomalies on severity and type.
Miscellaneous Enhancements
The following is a list of minor enhancements which do not affect the main functionality of NEMO:
- added configurable calls search query window
- added possibility to select labels in stats exports
- added actual value in pie chart labels
- cached call count per day for page platform statistics
- implemented caching of APIO layer
- improved period parsing of APIO layer
- improved logging with performance
- added grand sum/avg in export data
- added custom metrics for plugin Italtel
- added log rotation for GUI and REST API
- added post-insert plugin for Italtel collector to insert records in Engo format
- implemented batch inserts for Metaswitch plugin
- added pluggable framework to post read record for Italtel collector
- added post-insert plugin for Metaswitch collector to insert records in Engo format
- adapted mongo connection to work with URI
- added SFTP directory synchronization process
- added support for Italtel equipment
- enhanced stats exports access rights
- improved LDAP authentication layer to handle non-empty filter results in case of search failure
- adapted search calls groups input to list only groups from selected plugin
- improved APIO layer with BHCA metric and multi-groups stats retrieval
- added remote IP and port to audit log
- added indentation of sub-page privileges in user access settings
Patch Versions Release Notes
Release 4.1.1
| Pull id | Fix |
|---|---|
| 574 | fixed check on STATS_INTENSITY presence in plugin |
| 572 | added parameter stars on search calls API to mask the end of numbers for GDPR compliance |
| 570 | added distinct files to track already transferred files for each instance of nemo-sftp-sync |
| 568 | improved Broadsoft line type identification performance based on production experience |
| 566 | added mechanism to limit stats engine max processed call OID |
| 564 | added mechanism to compute distinct stats for internal and external calls for Broadsoft |
| 561 | fixed search calls API in case of Broadsoft group filter |
| 556 | fixed computation of Mediant jitter distribution stats |
Release 4.1.2
| Pull id | Fix |
|---|---|
| 581 | added pluggable IPFIX collector [experimental] |
| 577 | fixed anomalies user access rights when multiple plugins are active |
Release 4.1.3
| Pull id | Fix |
|---|---|
| 597 | fixed src/dst IP for IPFIX collector; added support for several SBC's |
| 590 | fixed Broadworks line type augmenter if API URL is not defined |
| 586 | fixed search when normalized number length is greater than 15 digits |
Release 4.1.4
| Pull id | Fix |
|---|---|
| 627 | updated Javascript libraries |
| 625 | explicitly declared maskable fields for calls search API; added Broadsoft option to return normalized numbers as unnormalized |
| 622 | added command daily-count to nemo-admin |
| 621 | fixed trace analysis to support IPv6; fixed RTP decoding in case of dual VLAN layer |
| 618 | improved cookies security: manage httponly and secure attributes |
Release 4.1.5
| Pull id | Fix |
|---|---|
| 635 | fixed escape of CDR details |
| 632 | added option to supply NAT mapping CSV file to probe |
| 630 | fixed extraction of RTP payload for audio playback in case of VXLAN mirroring |
Release 4.1.6
| Pull id | Fix |
|---|---|
| 639 | fixed calls columns escape; fixed Broadsoft escaping through REST API |
| 593 | fixed search query for CDR search API |
Release 4.1.7
| Pull id | Fix |
|---|---|
| 641 | fixed XSS vulnerability for labelled groups and tags assignment |
Release 4.1.8
| Pull id | Fix |
|---|---|
| 662 | fixed REST API CDR search to prevent finding Broadsoft calls with calling line identity presentation set to Anonymous |
| 656 | masked calling & callingNormalized if CLIR detected |
| 654 | fixed selection of visible data series in graph legend |
| 645 | added support for insecure TLS for Broadworks line augment |
| 610 | fixed stats exports fallback to Nemo-computed MOS when CDR-provided MOS is not present |
| 606 | fixed probe MOS computation with payload type |
| 604 | fixed clear of dropdowns when clicking clear form in search calls |
| 602 | fixed call search results columns formatting when fields are missing from the docs |
Release 4.1.9
| Pull id | Fix |
|---|---|
| 669 | fixed API CDR search query when searched group is not found |
| 666 | fixed queue runner auto-enable stats |
Release 4.1.10
| Pull id | Fix |
|---|---|
| 712 | removed display of internal calls in graph legend for traffic intensity and max simultaneous calls when not enabled |
| 697 | added new APIO layer stats orig_calls_redirected_answered and orig_calls_redirected_not_answered |
| 687 | adapted Broadsoft line type augmenter to resolve user id both with FQDN and without |
| 683 | added record id export to netnetsd objects exports |
| 680 | added selective stats removal to nemo-admin |
Release 4.1.11
| Pull id | Fix |
|---|---|
| 722 | improved datatables performance for groups with assignments |
| 718 | improved of datatables operations (caching, loading, sorting and filtering) |
| 716 | added new computed statistics to APIO layer for redirected calls and follow-me calls |
Release 4.1.12
| Pull id | Fix |
|---|---|
| 730 | added line type filter hunt-group to APIO layer |
| 727 | added call type filter internal to APIO layer; improved Broadworks XML collector resiliency in presence of CDRs without service provider field |
| 724 | added query parameters to filter periods of days for APIO stats |
Release 4.1.13
| Pull id | Fix |
|---|---|
| 757 | fixed parsing of Broadworks CSV CDR special characters escaping |
| 744 | added mechanism to filter out duplicate TCP segments |
Upgrade from 4.0
If you are coming from a release prior to 4.0, refer to the release notes for that release to perform the intermediate steps
The upgrade of the 4.1 platform can be done by using the new rpm.
NEMO RPM Update
To launch the upgrade, on all servers do:
# yum install /<path>/nemo-4.1.x.-y.x86_64.rpmAfter you need to restart NEMO with:
# systemctl restart nemoDowngrade from 4.1 to 4.0
Install the previous rpm on all servers with the command:
# yum downgrade /<path>/nemo-4.0.x.-y.x86_64.rpmPatch Upgrade Path from 4.1.x
To upgrade to a target patch release, the Admin needs to check the upgrade path to know which actions to take.
It is important to highlight that an action needed at a patch level 4.1.N is also needed for direct upgrade to 4.1.N+1, 4.1.N+2, ...
| Patch release | Needed actions |
|---|---|
| 4.1.1 | None |
| 4.1.2 | None |
| 4.1.3 | None |
| 4.1.4 | main.conf was updated and will be installed as /opt/nemo/gui/main.conf.rpmnew in case of RPM update: new options need to copied over to the existing main.conf file |
| 4.1.5 | None |
| 4.1.6 | None |
| 4.1.7 | None |
| 4.1.8 | None |
| 4.1.9 | None |
| 4.1.10 | None |
| 4.1.11 | None |
| 4.1.12 | None |
| 4.1.13 | None |
In addition to the listed needed actions:
On all servers, do as root:
# yum update /<path>/nemo-4.1.x.-y.x86_64.rpm